danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Tarsnap (www.tarsnap.com) is an online backup service, similar to crashplan. It's distinguished by the fact that the backups are encrypted on the client side, and key generation and management are also done on the client side, meaning that the folks operating tarsnap can't read your data, even if they wanted to. The service is not free; you are charged both for data transfer (at $0.25/GB (not GiB)) and data storage (at $0.25/GB/mo). There are no minimum recurring fees; you are charged only for your usage.
Tarsnap uses a command-line utility to back up your data. This utility can be scripted, scheduled using cron, or otherwise controlled as you wish. This HOW-TO covers setting up a Tarsnap account and installing the client in a jail on your FreeNAS 9.3 server.
First, set up the account. Go to the Tarsnap registration page, enter your email address and a chosen password twice, answer the questions, and click submit. Once you receive the confirmation email, click on the link provided and log back in. You'll then need to add some funds to your account. The minimum is $5 US, but you can add as much as you like. They accept credit cards, PayPal, and Bitcoin.
Next, create a jail. For the sake of simplicity, I'd suggest calling it "tarsnap", but you can use any name you like.
Log into your FreeNAS server as root, run jls, and find your Tarsnap jail. Note the "JID" (the number) of the Tarsnap jail. Then do "jexec (JID) csh", replacing (JID) with the number associated with the tarsnap jail. You'll then be logged into the tarsnap jail as root.
Begin by upgrading your software packages. Run "pkg upgrade" and allow it to complete. For my installation, it first needed to upgrade pkg itself, and then took two passes of upgrading other packages. Then install GNUpg and nano by running "pkg install gnupg nano".
You're ready to download the tarsnap client. Use the following commands:
Make sure that the two SHA256 outputs (in red above) match to guarantee that the file hasn't been corrupted or tampered with. Now configure, build, and install the client:
Now that the Tarsnap client is installed, you'll need to generate cryptographic keys for your machine. Run
# tarsnap-keygen --keyfile /root/tarsnap.key --user me@example.com --machine freenas
You'll be asked to enter your Tarsnap account password, and then your machine will generate the keyfile as /root/tarsnap.key. Please note this warning from the Tarsnap documentation:
You now have the Tarsnap client installed and ready to run. You'll probably want to consult the general usage page and the man page for details on the syntax and usage of the client. You'll also most likely want to add some storage to the jail, so that it can read whatever data you want to back up.
Tarsnap uses a command-line utility to back up your data. This utility can be scripted, scheduled using cron, or otherwise controlled as you wish. This HOW-TO covers setting up a Tarsnap account and installing the client in a jail on your FreeNAS 9.3 server.
First, set up the account. Go to the Tarsnap registration page, enter your email address and a chosen password twice, answer the questions, and click submit. Once you receive the confirmation email, click on the link provided and log back in. You'll then need to add some funds to your account. The minimum is $5 US, but you can add as much as you like. They accept credit cards, PayPal, and Bitcoin.
Next, create a jail. For the sake of simplicity, I'd suggest calling it "tarsnap", but you can use any name you like.
Log into your FreeNAS server as root, run jls, and find your Tarsnap jail. Note the "JID" (the number) of the Tarsnap jail. Then do "jexec (JID) csh", replacing (JID) with the number associated with the tarsnap jail. You'll then be logged into the tarsnap jail as root.
Begin by upgrading your software packages. Run "pkg upgrade" and allow it to complete. For my installation, it first needed to upgrade pkg itself, and then took two passes of upgrading other packages. Then install GNUpg and nano by running "pkg install gnupg nano".
You're ready to download the tarsnap client. Use the following commands:
Code:
root@tarsnap:/ # mkdir tarsnap root@tarsnap:/ # cd tarsnap root@tarsnap:/tarsnap # fetch https://www.tarsnap.com/tarsnap-signing-key.asc tarsnap-signing-key.asc 100% of 1792 B 145 kBps 00m00s root@tarsnap:/tarsnap # fetch https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz tarsnap-autoconf-1.0.35.tgz 100% of 586 kB 1148 kBps 00m01s root@tarsnap:/tarsnap # fetch https://www.tarsnap.com/download/tarsnap-sigs-1.0.35.asc tarsnap-sigs-1.0.35.asc 100% of 970 B 15 MBps 00m00s root@tarsnap:/tarsnap # gpg --import tarsnap-signing-key.asc gpg: Warning: using insecure memory! gpg: directory '/root/.gnupg' created gpg: new configuration file '/root/.gnupg/gpg.conf' created gpg: WARNING: options in '/root/.gnupg/gpg.conf' are not yet active during this run gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 46B64BEB: public key "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found root@tarsnap:/tarsnap # gpg --decrypt tarsnap-sigs-1.0.35.asc gpg: Warning: using insecure memory! SHA256 (tarsnap-autoconf-1.0.35.tgz) = 6c9f6756bc43bc225b842f7e3a0ec7204e0cf606e10559d27704e1cc33098c9a gpg: Signature made Tue Feb 17 23:50:47 2015 EST using RSA key ID 46B64BEB gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 38DA FD2C EEB3 E78D 8627 F548 6D0D 5B80 46B6 4BEB root@tarsnap:/tarsnap # sha256 tarsnap-autoconf-1.0.35.tgz SHA256 (tarsnap-autoconf-1.0.35.tgz) = 6c9f6756bc43bc225b842f7e3a0ec7204e0cf606e10559d27704e1cc33098c9a root@tarsnap:/tarsnap #
Make sure that the two SHA256 outputs (in red above) match to guarantee that the file hasn't been corrupted or tampered with. Now configure, build, and install the client:
Code:
# tar zxf tarsnap-autoconf-1.0.35.tgz # cd tarsnap-autoconf-1.0.35 # ./configure # make all install clean # cp /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf
Now that the Tarsnap client is installed, you'll need to generate cryptographic keys for your machine. Run
# tarsnap-keygen --keyfile /root/tarsnap.key --user me@example.com --machine freenas
You'll be asked to enter your Tarsnap account password, and then your machine will generate the keyfile as /root/tarsnap.key. Please note this warning from the Tarsnap documentation:
STORE THIS FILE SOMEWHERE SAFE! Copy it to a different system, put it onto a USB disk, give it to a friend, print it out (it is printable text) and store it in a bank vault — there are lots of ways to keep it safe, but pick one and do it. If you lose the Tarsnap key file, you will not be able to access your archived data.
You now have the Tarsnap client installed and ready to run. You'll probably want to consult the general usage page and the man page for details on the syntax and usage of the client. You'll also most likely want to add some storage to the jail, so that it can read whatever data you want to back up.